CURLOPT_SSLVERSION' andCURLOPT_PROXY_SSLVERSION`you can specify which SSL or TLS protocol range that is acceptable to you. Traditionally SSL and TLS protocol versions have been found detect and unsuitable for use over time and even if curl itself will raise its default lower version over time you might want to opt for only using the latest and most security protocol versions.
CURLOPT_SSL_FALSESTART, and there are a few other behavior changes to tweak using
CURLOPT_SSL_VERIFYPEERcontrols the check that the certificate is signed by a trusted CA.
CURLOPT_SSL_VERIFYHOSTcontrols the check for the name within the certificate.
CURLOPT_PROXY_SSL_VERIFYPEERis the proxy version of
CURLOPT_PROXY_SSL_VERIFYHOSTis the proxy version of
CURLOPT_PROXY_PINNEDPUBLICKEY. Here too, a mismatch will cause the transfer to fail.
CURLOPT_SSLCERT. The password for the key is usually also required to be set, with